open banking explained

Open Banking explained

How it works and if your data is safe

Sweeping rules that mean banks must let you share your financial info with other authorised providers are now over two years old. But why were 'Open Banking' rules brought in and what does it mean for your money? Here's what you need to know.

Open Banking and Brexit

Many of the rules governing Open Banking came about through EU regulation, and some of its implementation relies on EU standards. As a result of the UK's exit from the EU, some technical changes to the Open Banking infrastructure are taking place behind the scenes on 31 December.

However, these changes don't affect the vast majority of Open Banking providers – so most applications should continue to work as normal and any disruption should be minimal. But we're still looking into the full potential impact of Brexit on the sector and will update this guide when we know more.

MSE weekly email

FREE weekly MoneySaving email

For all the latest guides, deals and loopholes simply sign up today – it's spam-free!

You've been able to let third-party providers such as budgeting apps access your bank account data for some time, but since 13 January 2018, you're protected when you do so – as long as the provider's authorised.

Some MoneySavers have got in touch with us, confused or worried about these changes. So to help you out, here's our lowdown.

What is Open Banking?

Open Banking is a series of reforms to how banks deal with your financial information, called for by competition watchdog the Competition and Markets Authority (CMA). It comes alongside a regulation with the snappy name 'the second Payment Services Directive' (PSD2), which also came into force on 13 January 2018.

In plain English, together they mean all UK-regulated banks have to let you share your financial data such as your spending habits, regular payments and companies you use (basically your bank, credit card or savings statements) with authorised providers offering budgeting apps, or other banks – as long as you give your permission.

The idea behind these changes is that they'll bring more competition and innovation to financial services which, in turn, is hoped will lead to more and better products to help manage your money.

For example, you could connect your bank account to an app that would analyse your spending and recommend a new product like a credit card or savings account to save you money, or sign up to a provider which displays all of your accounts with multiple banks in one place so you have a better overview of your finances.

OK, got it! But can I opt out of Open Banking?

First things first, it's important to point out that...

You don't have to share your data if you don't want to.

This is a fundamental part of it. The rules say that banks have to allow your info to be shared, but ONLY if you expressly give permission to the new provider – they can't just look at your accounts willy-nilly.

Each provider will ask for your consent to access your info when you sign up to it. It'll then send a request to your bank, which will process it and share your details. You can also withdraw your permission at any time.

If you just want to stay banking the way you do now, you absolutely can and no one's going to force you to change. So if you're not comfortable sharing your account data with anyone else – or don't want to use any of these new companies – you don't have to.

MSE weekly email

FREE weekly MoneySaving email

For all the latest guides, deals and loopholes simply sign up today – it's spam-free!

What accounts does Open Banking apply to?

You'll be able to share your data for any 'payment account' you hold. This includes current accounts, credit cards, prepaid cards and some savings, though the initial roll-out of Open Banking is just for current accounts.

The rules only apply to accounts which can be accessed online, and you'll need to connect your online banking with the third party so it can get your data.

Who can I share my data with?

Right, first off you need to be really careful when it comes to sharing your data, and don't just share it with anyone. You'll only be protected by your bank (if something goes wrong) if you share your data with an authorised company.

These authorised third parties will be regulated by the Financial Conduct Authority (FCA) or another European regulator, and will appear on the FCA's Register, and/or the Open Banking Directory.

Providers authorised under Open Banking will offer two types of services, and need to have different authorisations for each of the following:

1. Account information services. These let you see all of your account information from different banks in one place and offer features such as budgeting help and product recommendations. This could include budgeting apps and price comparison websites.

2. Payment initiation services. These will let you pay companies directly from your bank account and not through a third party like Visa or Mastercard. This could include retailers and even tech companies like Amazon.

There are several providers out there currently which already make use of your financial data. These include budgeting apps such as Yolt and Money Dashboard, and savings apps such as Chip and Plum (see our App-based banking guide for more). 

The big banks are also getting on board, and you'll see in your apps that you can add other accounts held elsewhere so you can see their balances in one view.

How can I check if a provider's authorised?

You can check if a company's authorised on the FCA Register or the Open Banking Directory, and providers should also tell you on their website or app if they're authorised, along with their registration number.

What if I use an unauthorised provider?

If you use a third-party provider that's not regulated, you won't get the same levels of protection against fraud. So if you lose money through it, your bank may not pay out. You should always check a provider before you give it access to your accounts – as above, you can do so on the FCA Register. If it's not authorised, ask what security measures it has in place.

If you're happy with a provider you can choose to give it access even if it's not authorised, but you need to be aware of extra risks.

We asked the FCA what you should do if you have doubts about a provider and it said: "If you're unsure about whether a company is legitimate, you should ask them for more information, for example, who they are regulated by. If you don't know who you are talking to, or there is reason to suspect that the provider is not who they claim to be, don't disclose your banking security credentials or other personal or financial information."

However, using a firm that is yet to be authorised doesn't automatically mean you're not protected – some apps like Chip already adhere to other regulations, such as the e-money regulations, which means your money's safeguarded.

Is my data safe with Open Banking?

As long as they're authorised, providers will only be able to access data needed for the service you've signed up to – so if you've asked one to look at your current account with one bank, it wouldn't also be able to look at a credit card you hold with that bank unless you give your express permission.

Plus, all providers have to comply with data protection rules, including GDPR regulation that came in in May 2018. The provider should tell you exactly which data it will use, how long for and what it'll do with it before you sign up. If you're unsure about anything, make sure you ask before you give it access, and if something feels wrong, don't share your data.

If you have any issues, you'll be able to go to the free Financial Ombudsman Service – see our Financial Rights guide for more.

It's unclear how long it'll take for every provider to become authorised. There are also concerns that opening up your data to new companies will leave more opportunities for fraudsters, who might try to trick you into authorising a payment that you then wouldn't be covered for.

Remember, though, if you don't want to opt in, you don't have to.

Tip Email

FREE Weekly MoneySaving email 

For all the latest deals, guides and loopholes simply sign up today - it’s spam free!

What if I experience fraud on my account after I've shared my data?

In the past, several banks have said that you'd be liable for fraud on your account if you'd shared your details with third parties, but the new rules mean that banks must allow you to share your details with authorised providers, and not hold you liable for fraud.

If you do see a payment out of your account which you didn't authorise, go to your bank as it's responsible for refunding it – as long as you haven't been 'grossly negligent' – and your bank can then take it up with the third party if it thinks it's been at fault.

The maximum you're liable for is £35 before you tell your bank about the fraud, and nothing after you've told it, so always notify your bank as soon as possible if you notice something dodgy.

However, this ONLY applies to authorised third parties, so it's important to check if a third party's regulated before you use it, if you're worried about potential fraud.

I want to sign up to one of the providers that'll recommend me better deals – will they have to offer the best deals available?

In short, no. There's no guarantee that any third-party company offering you new deals will be impartial. It may find you an energy deal that saves you money, but there's no guarantee it will have searched the whole of the market to find the cheapest tariff (like we do with our Cheap Energy Club). It may just offer deals from companies that pay it for new business.

So before you switch products, take a look at a site like to check you're actually being offered the best deal.

How will providers access my data?

This gets a bit technical – if you're not bothered about the ins and outs of how the new providers will get to your info, skip to the next question.

There are two main ways that third parties will access your data – screen-scraping, or application programming interfaces (APIs) (yes, it might sound like Greek to most of us!).

Screen-scraping is what most of the apps that are already on the market use, and involves you giving providers 'read-only' access to your online banking, essentially giving it your login details and letting it pretend to be you. However, it can only look at your account and can't make any changes or move money unless you give your explicit consent.

The use of screen-scraping will continue for a transition period until around September 2019, when the use of it will be banned due to fears it's not as safe as the second option, APIs.

Put simply, APIs allow people's information to be shared, such as their location, preferences, or whether or not they're in credit. This kind of technology is already widely used by the likes of Facebook, Google Maps and Uber. For example, Uber might use Google Maps' API so it can work out where you and your driver are.

The CMA's Open Banking standards create a blueprint for banks and third parties to follow when using APIs, and there are security measures in place to keep your data safe. When you try to give a provider access, any relevant bank(s) will also check that it's on the list of approved third parties.

Right, I think I'm getting it, but what exactly changed on 13 January?

If you choose not to use any of the new third-party providers, which you're well within your rights to do, nothing will have changed. Even if you do decide to use one of these new companies, there hasn't been a flood of change straightaway – in fact, it's more like a trickle.

All of the possibilities for new services that Open Banking allows are also not yet clear, and new companies are springing up all the time to test out new ways of using your data and make your financial life easier.

There's also no guarantee it'll be a success – it will be down to people trusting and using it, and banks and third parties making security and safety a priority.

So, should I use Open Banking?

It's completely up to you. As we've explained above, Open Banking has the potential to revolutionise how you manage your money.

It's for you to decide if you're happy sharing your data with third parties in the hope of getting a better deal or being more in control of your finances, but with the safeguards in place you should be better protected than you currently are if you go down that route.

Always remember that there aren't guarantees that any new product recommendations will cover the whole market, so check before you switch, and if you don't want to take part, you don't have to.

Tip Email

FREE Weekly MoneySaving email 

For all the latest deals, guides and loopholes simply sign up today - it’s spam free!

Spotted out of date info/broken links? Email: